Victims or Villains: Intelligent Incident Response Can Save the Day

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.infosecurity-magazine.com/opinions/intelligent-incident-response-save/

We all know the lessons of nursery school tales: don’t lie, don’t steal,
and play nice with others.

The data breach morality tale is a bit more complicated. When you find out
someone is stealing from you: don’t lie, act quickly, and be nice even when
everyone’s mad at you. If you get defensive or try to be sneaky, you’ll go
from victim to villain in the swipe of a headline. Data breaches are
happening with greater frequency, and are compromising larger volumes of
data, than ever before.

As the toll of identity theft, privacy loss and exploited infrastructure
mounts, the ramifications intensify. Organizations are being subjected to
stronger financial penalties, greater legislative and regulatory scrutiny
and tangible reputational damage.

For organizations that suffer a breach, responding in an intelligent and
confident manner is becoming critical. But given today’s deeply connected
landscape, how can organizations protect themselves, and their customers,
along with safeguarding or even increasing business value?

The number one answer is total engagement with information security risks
and challenges from the board on down. We’re finally seeing significant
signs of movement in that direction. A recent Georgia Tech Information
Security Center survey of Forbes Global 2000 board directors and executives
found that 63 percent of respondents are addressing cyber-security
actively, a significant increase from 33 percent in 2012. The survey also
found that 53 percent of boards formed a risk committee to identify and
manage cyber-risk issues, compared to 8 percent in 2008.

Preventing the Next Data Breach

The most effective data breach prevention approaches are based on the
premise that it is possible for an organization to increase an adversary’s
‘work factor’ to such a degree that malicious activity becomes unprofitable
and attackers move on to easier targets. Basic technical preventative
measures are popular because they scale easily; automated scans are more
reliable and efficient than staffing monitoring teams around the clock,
especially for smaller organizations.

Responding to a Data Breach

Smart organizations realize that incidents can occur regardless of
precautions and seek to respond to breaches in a resilient and professional
manner. However, when confronted with an actual breach it often becomes
clear that response capabilities are lacking.

In some cases, the technology solutions to detect, repair and recover from
data loss are not in place; in other cases, the protocol for quickly
communicate a clear, unified message to all stakeholders has not been
established or rehearsed.

How can information security demonstrate business value when responding to
a data breach, and what are the key organizational capabilities to have in
place? It’s important to consider technology, process, people – and often
politics. Follow these three simple steps on a continuous basis: develop a
plan; practice the plan; respond decisively.

Managing Your Message

Preparation is essential. An inter-departmental scenario planning that
tests the organization’s media and customer response strategy is a good way
to assess your response readiness and identify areas in need of
improvement. Creating and testing response plans may also attract interest
from senior management, particularly if their organization, or a
competitor, has suffered an incident that inflicted reputational damage.

Messaging should be about creating transparency within the organization and
with the public. The organization should be seen communicating in an
ethical and trustworthy manner. This is not a time for using communication
as a PR spin opportunity, attempting to pull the wool over people’s eyes,
or retreating behind a veil of silence. Communicate effectively throughout
the incident (and afterwards) in an honest and transparent manner about the
breach, the impact, what you are doing to address the impact of those
affected.

Next Steps

Data breaches have become a regular feature of modern life, and have
personally or professionally affected most of us, the real difficulty lies
in acknowledging that breaches are inevitable, and that resources invested
in advance can pay dividends when a crisis occurs.

It takes maturity for an organization to recognise it will not be able to
control the narrative after a breach becomes public. Leadership involves
being honest and transparent with customers; this is the only way to
maintain credibility in such difficult circumstances.

A robust data breach response includes developing a plan, regular scenario
planning, taking decisive action and managing the message. These actions
will involve a wide range of internal stakeholders, and may involve the
services of external crisis management and media experts. Once a breach
happens, swift decision-making requires accurate data.

Organizations need to take stock now in order to ensure that they are fully
prepared and engaged to deal with these ever-emerging security challenges,
before it’s too late.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.